Modern vehicles are intended to be able to communicate with one another so that, for example, potential traffic accidents can be avoided, since a vehicle then notices, without the assistance of the driver, when another vehicle is approaching. Such communication is referred to as car-to-car communication or, in short, C2C communication. An extension thereof is the communication of vehicles with other subscribers, for example, with traffic infrastructure. Such communication is then generally referred to as C2X communication.
In connection with this C2C and C2X communication, messages sent out by vehicles are signed, in order to prevent manipulation and falsification. However, such signing makes a vehicle potentially traceable, since the certificates used for signing would be clearly associated with one vehicle.
The common C2X standards (CAMP in the U.S., ETSI in Europe) minimize this problem by having a vehicle receive a large set (up to approximately 2000) of certificates, or pseudonym certificates, from which it may choose. These certificates are not to be linked to one another. Thus, if the vehicle changes its active certificate, its newly signed messages cannot be correlated with its previous messages, and it becomes considerably more difficult to trace.
If each vehicle receives such a set, or group, of certificates, it becomes difficult or even impossible to revoke them when necessary, i.e., to declare them invalid, since each certificate would have to be revoked individually. This would generate significant amounts of data, in particular in the case of C2X communication.
The CAMP standard solves this problem by introducing a so-called “linkage value” into each certificate generated with the aid of the Butterfly Key method. These “linkage values” are essentially hash chains, via which a set of certificates is linked. They are based on a secret key, which is different for each set of certificates. In the event a set of certificates is to be revoked, this key is published and each C2X subscriber may recalculate the resulting hash chain or the “linkage values.” If such a “linkage value” is found in a certificate, the certificate is considered revoked or invalid.
Thus, revocation becomes possible, since only the key of one certificate set must be published. Not every certificate need be individually revoked. However, the “linkage value” must be stored in each certificate, which significantly increases the volume of data of the C2X communication, since each C2X message also contains the corresponding certificate.
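The linkage-value mechanism described above, as a simplified sketch added here for illustration and not taken from the CAMP specification: the use of SHA-256, the 9-byte value size, the certificate structure, and all function names and seeds are assumptions.

```python
import hashlib

SET_SIZE = 2000   # certificates per vehicle ("up to approximately 2000" in the text)
LV_BYTES = 9      # assumed truncated size of a linkage value inside each certificate

def linkage_values(seed: bytes, count: int = SET_SIZE) -> list[bytes]:
    """Derive one linkage value per certificate from the per-set secret key."""
    values, state = [], seed
    for _ in range(count):
        # Advance the chain, then derive the public value from the hidden state,
        # so a linkage value does not reveal its neighbours without the seed.
        state = hashlib.sha256(b"chain" + state).digest()
        values.append(hashlib.sha256(b"value" + state).digest()[:LV_BYTES])
    return values

def issue_set(seed: bytes, count: int = SET_SIZE) -> list[dict]:
    """Constructed stand-in for a pseudonym certificate: a serial plus its linkage value."""
    return [{"serial": i, "linkage_value": lv}
            for i, lv in enumerate(linkage_values(seed, count))]

def revocation_set(published_seeds: list[bytes], count: int = SET_SIZE) -> set[bytes]:
    """What each C2X subscriber recomputes once the keys of revoked sets are published."""
    revoked = set()
    for seed in published_seeds:
        revoked.update(linkage_values(seed, count))
    return revoked

def is_revoked(cert: dict, revoked: set[bytes]) -> bool:
    """A certificate is invalid if its linkage value appears in the recomputed set."""
    return cert["linkage_value"] in revoked

def revocation_cost(seed: bytes, count: int = SET_SIZE) -> dict:
    """Bytes published for one set versus listing every certificate's value."""
    return {"seed_bytes": len(seed), "per_certificate_list_bytes": count * LV_BYTES}

# Constructed sample seeds for two vehicles (not real key material).
SEED_A = bytes.fromhex("a1" * 16)
SEED_B = bytes.fromhex("b2" * 16)

if __name__ == "__main__":
    certs_a, certs_b = issue_set(SEED_A), issue_set(SEED_B)
    revoked = revocation_set([SEED_A])           # authority publishes vehicle A's key
    print(sum(is_revoked(c, revoked) for c in certs_a), "of A's certificates revoked")
    print(sum(is_revoked(c, revoked) for c in certs_b), "of B's certificates revoked")
    print(revocation_cost(SEED_A))
```

Publishing one 16-byte key invalidates the whole set, but every certificate, and therefore every signed C2X message, still carries its own `LV_BYTES` of linkage value.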
The ETSI C2X model presently specifies no revocation for pseudonym certificates.
It is therefore desirable to provide an efficient revocation of groups of certificates and, at the same time, a smaller amount of data during the communication.